CFP: Mark of the Beast Erasable Tattoo

|

It took a representative of the government of these here United States to give the Computers, Freedom, and Privacy conference its first moment of unadulterated excitement.* Frank Moss, Deputy Assistant Secretary of State for Passport Services, energetically defended the RFID passport proposal in a panel on passport security risks. Clearly, Moss was here to be the turd in the punchbowl, and the crowd had a good two minutes' hate as he dismissed fears about the proposal as "poppycock."

The popular concern about the RFID passport is that it will be readable at a distance, so while you're at a bar in Beirut or sleeping in your Karachi hotel room, a terrorist will be picking up all your personal information. Moss had a bunch of reasons why this wouldn't be possible, and a pissing competition started between him and Barry Steinhardt, director of the ACLU's Technology & Liberty Program. Steinhardt says the passport idea is "policy laundering," where the feds avoid having to push an unpopular domestic policy by instituting it through an international organization, then coming back and saying they're just bringing US standards up to international "norms."

Anyway, Moss did a pretty good job of defending his end, but the scuttlebutt is that the readability issue is a red herring. The real issue is that the RFID passport is being pushed as a convenience measure that will allow you to go through borders more quickly. It's clearly a measure to enhance security. Between the increasing amount of information it will make available (and the increasing number of security flags that will go up as a result), the delays that will crop up when people try to pass through customs with chips that are either intentionally or unintentionally damaged, and the infrastructure Homeland Security and its foreign counterparts will need to build to handle the increased amount of information and the growing number of people who will be getting flagged, the RFID passport will almost certainly make travel slower, not faster. There may be enough security advantages to make that delay worth it, but the government shouldn't be promising that disimprovements will actually be improvements.

* I mean the only unadulterated excitement at the conference itself. The high point for me came at an event held at Paul Allen's Science Fiction Museum, where I got to see Kirk's chair from the Enterprise. The swivel seat radiates power and authority up close just as it does on TV, but I was surprised to see that the panels along the armrests seem to be made of wood, not corbomite.

NEXT: Brian Doherty on The O'Reilly Factor Tonight

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Mr. Cavanaugh, are you actually at this conference? Is anyone else from Reason there? If so, I may just play hookey tomorrow and swing by.

  2. Can someone explain to me why the proposed RFID passport contains anything more than a single number that maps one-for-one to the passport number itself.

    If the person I’m talking to can’t pull up my picture, address, thumbprint, blood type, shoe size, etc., from some other system given my passport number, I don’t want to be giving him this information. Conversely, the fact that they can pull up that info from my passport number demonstrates that they probably have the authority to do so and don’t need it placed on the chip.

    This solution should quell the security concerns of false passports. And it also should quell the concerns of detection by third parties: the single interesting number could be encoded to look like the RFID on a tube of toothpase or some other innocuous not-necessarily-American item.

  3. Tim,

    Mr Moss didn’t really say “poppycock”, did he?

  4. MikeP,
    Dead on dude. RFIP is in itself objectionable. But there’s no reason to make your personal info downloadable to anyone.

  5. RFIP is not in itself…

  6. Armrests made out of Corbomite? What, are you *nuts*? That’s the most powerful explosive known to the Federation! Are *your* armrests made out of nitroglycerin?

    Enough of tha jibba-jabba, foo’!

    /larry/

  7. I agree with MikeP. If my passport only carried my passport ID # on the RFID I could live with it. But anything else is unacceptable.

    I predict that, while there will probably be the issue of terrorists trying to find the Americans by scanning for RFID passports, the group that will exploit this on the largest scale will be identity thieves.

  8. Agreed. Poppycock? I don’t have the OED handy but it is available at the Baldwinsville library. I’m gonna look it up.

  9. Re: What’s on your passport. How about if it didn’t have any personal info beyond what’s written in the passport, but did record everyplace the passport itself has passed through? Thus, a passport entering Los Angeles from Vancouver would be given a pretty low security risk; but if the chip revealed that prior to that it had entered Vancouver from London, the risk would go up a bit; and if prior to that it had entered London from Karachi, the security profile goes up a heap.

    This could be pretty useful information to customs. In fact, I don’t see what would be the point of a chip that doesn’t record information like that.

    The security risk they kept talking about goes as follows: When you’re at the bar in Beirut you don’t necessarily want to be volunteering the fact that you’re an American to anybody who is curious.

  10. How about if it just had a passport number on it and when it passed through an entry point somewhere, the software at the entry point noted the fact in the background and stored that entry on the main networked server.

    If they have the ability to write to the passport chip, they have the ability to read and write to a networked mainframe that could keep (and datamine!) all this info.

  11. Mr. Cavanaugh, I guess I don’t blame you for not answering *my* question. There are a lot of weirdos on this internet thingy.

  12. In fact, I don’t see what would be the point of a chip that doesn’t record information like that.

    Well, a chip that did contain a record of the passport holder’s travels would likely be cracked sooner or later and afterwards editable, so someone could fake one’s itinerary with nothing more than access to the passport. It would also have a finite memory that wouldn’t be able to hold much more than airport codes to avoid filling up.

    Really, if you’re going to have RFID passports (or RFID anything), you should make them present nothing more than a standard, unfathomable string of characters, like a UUID. You read the number, then match it against an index in the database. If it matches, you know what it is. If it doesn’t, you don’t know whether it’s the tag in a CD case or someone’s passport.

    Though, to be frank, I’ve no idea how close this is to actual implementations. I’m just answering the question. 🙂

  13. sage, I sent an email to your listed address giving my general whereabouts and itinerary. That’ll teach you to use a fake addy.

    In any event, I’ve left the Emerald City and am now back in Kansas. I like Seattle though. Maybe another time…

Please to post comments

Comments are closed.